From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

I don't think that hackers are a lone-wolf pack; rather, they collaborate, follow a methodology, and use an attack life cycle that increases their chances many times over. The internet is filled with SDLC products, tools, and testing methodologies for attackers to build great malware and test it through various security tools.

While all the good guys are busy competing against each other, the bad guys are all collaborating. There are multiple groups of attackers: those who find the vulnerabilities, those who do research, those who infiltrate and discover critical assets, and those who exfiltrate data, IP, or money. All these people are different, and you can never trace back to them, as most transactions happen openly on black market websites.

Welcome to our introductory, "Back to the Basics" blog. We are a team focused on innovation but it is hard to embrace innovation unless you have the basics down. And thus, we start this blog series. We begin our series speaking about SIEM use cases, because without understanding use cases, it’ll be tough to understand and explain all the great work you are doing with your SIEM.

HP is really excited to announce the HP ArcSight Logger mobile app for iPhone and iPad. The operation is actually VERY familiar to anyone who has used the normal web interface with the dashboards. All we are doing is using the REST API to log in, access, retrieve and display these dashboards. You can of course customize and change these (from the Logger web interface), but the apps are designed to just display and view the data. It's simple, easy and VERY straightforward to use.

SIEM is evolving; it is a cat-and-mouse game with the bad guys. It's not just cyber criminals who are in the mix; we have state actors and hacktivists too. Their means may be different, but their methodology is similar.

Is HP ArcSight ready for this challenge? Absolutely yes. ArcSight has evolved SIEM and is currently on its 6th-generation platform, which can consume up to 10 TB of data a day, perform full-text English search at 2 billion events per second, analyze 13 billion events in a handful of seconds, and create a visualization of trends from a variety of different data types.

A few months ago, HP announced a new version of its market-leading security information and event management (SIEM) solution, HP ArcSight ESM. Leveraging enhanced performance capabilities, the new update provides customers with the ability to analyze billions of events per day and greatly accelerates the time it takes to identify and prioritize security threats.

As we welcome 2015 with new resolutions and goals, let us take a moment to remember 2014 and look at the biggest data breaches. Some of the victims were attacked as early as 2013, but the impact was felt in 2014.

ArcSight Logger 6.0 is the fastest search engine on the planet for machine data today. This universal log management solution collects, stores, and analyzes all of your Big Data for security event management. Join us for a free webinar on how ArcSight Logger unifies your entire IT data through a unique technology called normalization and categorization, and then stores and analyzes years' worth of data for multiple use cases.

HP ArcSight partners with Guidance Software to identify the most critical threats. The new bundled solution is designed for small to medium-sized organizations, both those at the entry level of security and those that plan to build a sophisticated SOC. HP ArcSight Express is a high-performance SIEM solution that correlates security events in real time to detect threats. When you combine the best of both worlds, auto-prioritization of events and high-performance SIEM, organizations get simple and powerful automated solutions to combat cyber threats.

Our Professional Services team has done a huge amount of work to help very quickly by building a content pack that will help you identify the ShellShock vulnerability and monitor the Bash bug. We are very proud to make this available to our HP ArcSight community quickly.

The content is primarily based on two rules:

/All Rules/Public/Shellshock/Sysdig Shellshock Exploit Detected

/All Rules/Public/Shellshock/Shellshock Bash Vulnerability Detected

The Sysdig Shellshock Exploit Detected rule looks for events from the Sysdig utility to identify devices as they are probed or attacked with the Shellshock exploit.

The Shellshock Bash Vulnerability Detected rule looks for events where one of the Shellshock vulnerabilities (CVE-2014-6271, CVE-2014-7169 or Nessus - 14272) is referenced.

The Shellshock dashboard gives an overview of the recent Shellshock events reported, as well as a listing of the assets that have been tagged with one of the Shellshock vulnerabilities.
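As an added illustration of how the two rules and the dashboard described above fit together (example code written for this post, not the content pack's own rules or real ArcSight output), the snippet below applies the same two checks to constructed, simplified key=value events and produces the per-rule counts and the tagged-asset listing. The field names (deviceVendor, name, cve, nessusID, dst) and the event format are assumptions.

```python
import re
from collections import defaultdict

# Identifiers the "Shellshock Bash Vulnerability Detected" rule keys on, as cited above.
SHELLSHOCK_REFS = ("CVE-2014-6271", "CVE-2014-7169", "14272")

RULE_SYSDIG = "Sysdig Shellshock Exploit Detected"
RULE_VULN = "Shellshock Bash Vulnerability Detected"

# Constructed sample events in a simplified key=value form (assumed field names, not real ArcSight CEF).
SAMPLE_EVENTS = [
    "deviceVendor=Sysdig name=shellshock_exploit_detected src=203.0.113.9 dst=10.0.0.5",
    "deviceVendor=Tenable name=vulnerability_found cve=CVE-2014-6271 dst=10.0.0.7",
    "deviceVendor=Tenable name=vulnerability_found nessusID=14272 dst=10.0.0.8",
    "deviceVendor=Apache name=http_request src=198.51.100.3 dst=10.0.0.5",
    "deviceVendor=Sysdig name=process_started dst=10.0.0.9",
]


def parse_event(line):
    """Turn one 'key=value key=value' line into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def sysdig_exploit_rule(ev):
    """Sysdig events whose name reports a Shellshock exploit attempt against the device."""
    return ev.get("deviceVendor") == "Sysdig" and "shellshock" in ev.get("name", "").lower()


def bash_vuln_rule(ev):
    """Events in which any field references one of the Shellshock identifiers."""
    return any(value in SHELLSHOCK_REFS for value in ev.values())


def build_dashboard(lines):
    """Return (rule hit counts, asset -> sorted tags): the two views the dashboard shows."""
    counts = {RULE_SYSDIG: 0, RULE_VULN: 0}
    assets = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if sysdig_exploit_rule(ev):
            counts[RULE_SYSDIG] += 1
            assets[ev["dst"]].add("exploit-attempt")
        if bash_vuln_rule(ev):
            counts[RULE_VULN] += 1
            ref = next(v for v in ev.values() if v in SHELLSHOCK_REFS)
            assets[ev["dst"]].add(ref)
    return counts, {asset: sorted(tags) for asset, tags in sorted(assets.items())}


if __name__ == "__main__":
    hits, tagged = build_dashboard(SAMPLE_EVENTS)
    print(hits)
    print(tagged)
```

Matching a bare numeric Nessus identifier against every field value is loose on purpose to mirror the "is referenced" wording; in production you would restrict it to the scanner's plugin-id field to avoid false tags.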

15 tons of ArcSight Logger were shipped to a large enterprise IT shop the same day a small healthcare company in India bought Logger to manage just 25 users. HP ArcSight shipped its log management solution to both David and Goliath the same day.

We have been overwhelmed with the positive response we are getting for our brand new HP ArcSight Logger 6.0, which we released last week. You can read about the all-new Logger in this post, but to summarize, it is a universal log management solution that has the best performance-to-price ratio in the market.

The all-new HP ArcSight Logger has many new features, including brand new static correlation through file lookup. It means that you simply download a CSV file with records, and Logger can correlate the search data against the file lookup. Unlike a SIEM solution, which does real-time correlation of security events across devices, Logger does static correlation. Check out these video demos built by Paul Brettle, our security architect for Logger.

In 2013 SANS conducted its first analytics and intelligence survey. This follow-up, the SANS 2014 survey, derives a deeper understanding of the functional role of intelligence and analytics in the enterprise security management infrastructure. It also delves further into which tools are implemented, the role of outside third-party service providers, and whether or not intelligent analysis is improving an organization's ability to detect, defend against and investigate attacks in their networks.

SC Magazine recently recognized and awarded HP ArcSight as the best SIEM Solution in the market. This is a great follow-up after HP took home awards in 6 categories at the Info Security Global Excellence awards last month.

Heartbleed is a serious vulnerability in the popular OpenSSL cryptographic software library, and it affects many web servers and applications. It is difficult to patch all web servers immediately, so it is important to at least track and monitor the type of traffic being generated in your organization. Using the new super-indexed fields in the updated HP ArcSight Logger 5.5, users can perform ultra-fast searches and analyze security events in real time.

If the "needle" is the bad guy and the "haystack" is your enterprise, how do you find the needle? Gartner analyst Neil MacDonald suggests that you separate the hay. In a security context, Neil suggests that you look for meaningful deviations from "normal" in order to isolate where the potential anomaly could emerge.

In the midst of 20,000 users at the RSA conference, as I speak with customers, partners, and competitors, I am learning what NOT to do for information security more than what SHOULD be done. Let me share some notes from my meetings on best practices for what NOT to do for information security:

Yes, you read it right. HP won an award in EVERY category in the 10th Annual Info Security Global Excellence Awards at the RSA 2014 Conference. HP even took the Golden Trophy! Read on to see which awards we won!

The outcome of a good security measure is compliance and a safe, secured network. When you are obsessed with extreme security and privacy, the outcome may lead to illegal activities. Bitcoin came into existence for a good cause. It was designed and licensed at MIT, Boston, to overcome the limitations of centralized currency. It started as a currency protocol, and regulators are hoping that it will be used only for legal activities.

Online black market sites are feeling extremely vulnerable because of the closure of the two main competitors, Black Market Reloaded and Sheep Marketplace, by authorities.

The multitude of devices, users, and generated traffic all combine to create a proliferation of data that is being created with incredible volume, velocity, and variety. As a result, organizations need a way to protect, utilize, and gain real-time insight from “big data.”

Read through the 8 topics that your boss expects you to know about 'Big Data Security'.

Based on some of the major security threats last year, and my research on cool new trends in the market, this list shows some trends in the security space for 2014 that will continue to build momentum.

The upcoming RSA conference takes place February 24-28 in San Francisco. HP Enterprise Security Products (ESP) is a Platinum sponsor of RSA with the key message: if you want better security, think like a bad guy.

If you are attending RSA, please join us at any of the following activities to hear more.

We welcome you to join us for a live webinar on 1/23 at 9 a.m. PST. It is a joint webinar with Co3 Systems' Gant Redmon. We'll be discussing the similarities in security and compliance policies and how security analytics tools and incident response tools can help you stay out of the headlines for bad reasons.

Many organizations have been lucky enough to never experience a data breach. They don’t think they will ever be breached because they are "too small" or "too big" or simply too confident about their security posture. Let me try to combine some of the experiences and stories that I have heard from organizations that went through a data breach. You may recognize some parts of this story from the news headlines.

Your normal security point solutions or IT operations tools are like Google Maps: good enough to get from point A to point B when things are normal and you are sure of many variables. However, if you look at the current threat landscape, that is not the case. No two days are the same, and no two incidents are similar. It is always some new issue, some new source targeting a system in your organization, much like holiday traffic that turns a 500-mile freeway into a parking lot. You need big data analytics layered on your IT, just as Waze does for maps or ArcSight does for your machine data.

HP ArcSight is simple and easy after moving away from a relational database. In February of this year we launched HP ArcSight ESM 6.0c, where 'C' stands for CORRe. CORRe stands for 'Correlation Optimized Retention and Retrieval Engine', an HP-proprietary columnar database built on current open standards that can scale to handle any Big Data.

With its own database optimized to correlate data and manage Big Data, ArcSight has removed complexities such as database tuning, scalability, and performance issues.

Visit our website and learn more about how ArcSight can help you in 25 different use cases spanning security, compliance, IT operations, ops analytics, big data, machine data consolidation, and more.